A vulnerability, which was classified as problematic , was found in html-template up to 1.25.8/1.26.1 on Go. This issue affects some unknown processing. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-32289 . The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.